install_arch: verify bootstrap image signature

Fixes #458 (closed).

roles/install_arch/tasks/main.yml

@@ -7,9 +7,19 @@
   fail: msg="Not running in rescue system!"
   when: "'Hetzner Rescue' not in motd_contents.stdout and 'Rescue environment based on Alpine Linux' not in motd_contents.stdout"
 
-- name: Make sure all required packages are installed in the rescue system for installation
-  apk: name=sgdisk,btrfs-progs,tar update_cache=yes
+- name: Prepare Equinix Metal rescue system
   when: ansible_facts['os_family'] == "Alpine"
+  block:
+    - name: Make sure all required packages are installed in the rescue system
+      apk: name=sgdisk,btrfs-progs,tar,gnupg update_cache=yes
+
+    - name: Create the GnuPG home directory for the root user
+      file: path=/root/.gnupg state=directory owner=root group=root mode=0700
+
+    # Need to set no-use-tor otherwise dirmngr hangs at startup checking if
+    # 127.0.0.1:9050 works and remains in SYN-SENT state for about a minute
+    - name: Set the no-use-tor option in dirmngr.conf
+      lineinfile: name=/root/.gnupg/dirmngr.conf create=yes line=no-use-tor owner=root group=root mode=0644
 
 - name: Create GRUB embed partitions
   command: sgdisk -g --clear -n 1:0:+1M {{ item }} -c 1:boot -t 1:ef02